Last updated 2026-07-09

TL;DR
Calling or texting someone on the National Do Not Call Registry is a federal violation under 47 USC 227 and 16 CFR Part 310. The FTC and FCC can each fine violators up to $53,088 per call. Consumers can also sue for $500 to $1,500 per call. Exemptions exist for established business relationships, written consent, and nonprofit calls, but they are narrower than most teams assume.
What exactly is a do not call list violation?
A do not call list violation happens when a seller or telemarketer calls or texts a number on the National Do Not Call Registry without a legal basis to do so. Two laws apply at once: the Telephone Consumer Protection Act at 47 USC 227, and the FTC's Telemarketing Sales Rule at 16 CFR Part 310 [1][2]. One bad call can trigger liability under both frameworks.
The FTC has run the registry since 2003. Once a consumer registers a number, it stays on the list permanently unless they remove it or the number gets reassigned [3]. Sellers and telemarketers have to pull fresh registry data at least every 31 days and scrub their call lists against it [2].
The violation is close to strict liability. You don't have to intend to call a registered number. If your dialer hits a registered number and you had no valid exemption, you're exposed. Whether enforcement follows, and how hard, depends on scale, your history, and whether you ran any compliance program at all.
There's a narrow safe harbor. If you accessed the registry, paid the fees, and made a good-faith mistake despite real procedures, you can avoid FTC civil penalties (though not private lawsuits) under 16 CFR 310.4(b)(3)(iv) [2]. Courts have not been generous with it. Treat it as a backstop, not a plan.
What are the charges and fines for do not call list violations?
The numbers are large. The FTC can seek civil penalties up to $53,088 per violation [4]. The FCC's cap matches, because both agencies raise their penalty ceilings every year for inflation under the Federal Civil Penalties Inflation Adjustment Act. As of 2024, that per-violation maximum sits at $53,088 [4].
Private lawsuits run on a separate track. Under 47 USC 227(c)(5), a person who gets more than one telephone solicitation in a 12-month period after registering can sue for $500 per call [1]. If a court finds the violation willful or knowing, that trebles to $1,500 per call [1]. Nothing caps the number of calls, which is why class actions thrive here.
Here's how the tracks stack up:
| Who brings the action | Statute | Per-violation maximum |
|---|---|---|
| FTC civil penalty | 16 CFR Part 310 | $53,088 |
| FCC civil penalty | 47 USC 227 | $53,088 |
| State AG enforcement | Varies by state | Varies; often $1,000-$25,000 |
| Private plaintiff, negligent | 47 USC 227(c)(5) | $500 |
| Private plaintiff, willful | 47 USC 227(c)(5) | $1,500 |
Enforcement examples give a sense of scale. In 2023 the FTC won a multi-million-dollar judgment against a telemarketing operation [5]. The FCC has proposed forfeitures in the tens of millions against single robocall campaigns [6]. Those are outliers. They show where agency patience ends.
For small outbound teams, private class actions are the closer risk. A plaintiff's attorney needs only two or three calls to a registered number to open a case, and litigation costs alone can pass $100,000 before anyone talks settlement.
Who enforces do not call list violations?
Four groups can come after you, and they work independently. Any one of them can act without the others.
The FTC enforces the Telemarketing Sales Rule. It files civil penalty actions in federal court, usually after complaint patterns build up through donotcall.gov or referrals from state attorneys general [3]. The FTC also uses Section 5 of the FTC Act to chase deceptive or unfair practices that overlap with DNC violations.
The FCC enforces the TCPA itself at 47 USC 227. It handles complaints about autodialed calls, prerecorded messages, and calls to registered numbers [6]. The FCC normally issues a Notice of Apparent Liability before any formal forfeiture, giving the company a window to respond.
State attorneys general have concurrent authority under the TCPA and their own telemarketing statutes. Florida, Texas, and Pennsylvania, among others, run their own do not call registries with separate registration and scrubbing rules [7]. Break the state registry and you add state-law liability on top of the federal exposure. Calling into multiple states means checking each state's rules. See the do not call list overview for a state-by-state breakdown, plus the florida do not call list and pennsylvania do not call list articles for two states with active enforcement.
Private plaintiffs are the fourth vector. Any consumer who qualifies under 47 USC 227(c)(5) can sue without waiting for an agency. Some plaintiff attorneys who specialize in TCPA work keep registered numbers in their own household and wait for the calls to come. It's a real practice, and it works.
What exemptions actually apply to do not call list rules?
This is where teams get burned. They've heard exemptions exist and assume they qualify. Often they don't.
The four main exemptions under the TCPA and TSR:
1. Established business relationship (EBR). A consumer who bought something, made a payment, or sent an inquiry can be called even while registered: up to 18 months after a purchase or payment, up to 3 months after an inquiry [2]. The EBR dies the second the consumer asks you to stop. One opt-out ends it for good.
2. Prior express written consent. Written consent to receive calls overrides the registration. "Written" now covers electronic signatures and checkbox opt-ins, but the consent has to name the specific seller making the call [1]. Buying leads where someone agreed to hear from "marketing partners" almost never clears this bar.
3. Personal relationship. Calls to family and friends are exempt. Not useful for a business.
4. Nonprofit organizations. Calls made on behalf of tax-exempt nonprofits fall outside the national registry rules [3]. Charities can still call registered numbers, though state rules sometimes differ.
B2B calls sit largely outside TCPA scope for the national registry, but that cover is thinner than people think. Call a cell phone that a business contact also uses personally, and the personal-use protections can kick in. Several states extend DNC protection to business numbers too.
For more on pulling and using the official registry to scrub, see how do i get the do not call list.
How do consumers report do not call list violations?
Consumers file complaints at donotcall.gov, which feeds the FTC's complaint database [3]. The FTC doesn't chase every single complaint, but patterns in the database trigger enforcement sweeps. Filing takes about three minutes and can include caller ID, call time, and a description of the pitch.
The FCC takes complaints at consumercomplaints.fcc.gov for TCPA-specific violations, including unwanted robocalls and texts [6]. That system is separate from the FTC's and feeds a different database used for forfeiture proceedings.
State attorneys general run their own intake systems, and several states (Florida and Indiana included) have dedicated DNC enforcement units. See the indiana do not call list article for how Indiana's program works, since it's one of the more active state programs.
Consumers who want to sue don't have to file a complaint first. They can hire a TCPA attorney and send a demand letter directly. Many plaintiff attorneys here offer free consultations and work on contingency, because the statutory damages are predictable. That math makes even small-volume violations worth pursuing, which is exactly why one-off mistakes create real exposure for small teams.
To understand what a consumer sees when they look up a do not call list number or file a do not call list report, those resources walk through the consumer side, which is worth knowing from a compliance seat.
Does the do not call list apply to cell phones and text messages?
Yes. Both. This is one of the most common mistakes in outbound sales.
The national registry covers any residential line, and the FTC confirms that registered wireless numbers get the same protection as landlines [3]. Separately, the TCPA layers on more restrictions for cell phones no matter what the registry says, because 47 USC 227(b) bars using an autodialer to call wireless numbers without prior express consent [1].
The FCC has treated SMS as a "call" under the TCPA since at least 2003, and courts keep affirming it. Texting a registered number without consent is a violation. Texting any wireless number with an autodialer without consent is a separate violation under 227(b), even if the number never touched the registry.
So an SMS outbound campaign has two independent problems to solve. Registry scrubbing handles one. Documented prior express written consent for each recipient handles the other. The mobile phone do not call list article goes deeper on the wireless-specific rules.
One trap: teams assume a short-code SMS program with keyword opt-in satisfies both requirements. It doesn't. Marketing consent from one program's opt-in doesn't stretch to cold outreach to that same number for a different purpose.
What internal compliance steps actually prevent violations?
Most violations that end in FTC or FCC action weren't one rogue call. They were a broken or missing scrubbing process running for months.
The minimum viable compliance stack for outbound calling:
First, subscribe to the national registry through telemarketing.donotcall.gov [10]. It's free for up to five area codes per organization, with paid tiers for more. Download fresh data at least every 31 days. Not quarterly. Not annually.
Second, scrub every call list against the registry before dialing. Not once at list acquisition. Every 31 days, because new numbers register constantly.
Third, keep your own internal do not call list. Under 16 CFR 310.4(b)(1)(iii), you must hold a company-specific list of people who asked you not to call and honor those requests for five years [2]. This is separate from the national registry. Someone on your internal list should be blocked even if they never registered nationally.
Fourth, document everything. The FTC safe harbor requires proof you accessed the registry and that the violation came from an error despite established procedures. No documentation, no safe harbor.
Fifth, train your team. Agents who override DNC flags or ignore an opt-out mid-call create liability that no process control can catch after the fact.
LeadCompliant's free compliance checklist covers the scrubbing schedule, consent documentation, and internal DNC list rules in one place. Handy if you're building this from scratch.
For state rules layered on top of federal, the do not call list pa and fl do not call list articles cover two states where the extra requirements catch teams off guard.
What happens after a company is accused of a do not call list violation?
The process depends on who's alleging it.
FTC civil enforcement usually follows a complaint pattern. The FTC investigates, issues a civil investigative demand (a subpoena for records), and then either closes the file or files a complaint in federal district court [5]. Most cases settle, but settlements carry injunctions and civil money penalties. The FTC publishes final orders, so your settlement becomes public record.
FCC enforcement opens with a Notice of Apparent Liability that proposes a specific dollar forfeiture. The company gets 30 days to file a written opposition. The FCC then issues a forfeiture order, which is appealable in federal court [6].
Private TCPA suits run on standard federal civil procedure. A plaintiff files, and the case moves fast toward settlement talks, because litigation costs on both sides are high next to the statutory damages at stake. Class actions can resolve for seven figures even with small individual damages, thanks to the per-call multiplier across thousands of members.
Get a demand letter from a TCPA plaintiff attorney? Get a lawyer involved immediately. Don't answer it yourself. And don't wave it off as frivolous because the number looks small. These attorneys know the statute cold, and the letter usually reflects real exposure.
The realistic outcome for a small company with a handful of bad calls and no compliance program is a nuisance settlement in the $10,000 to $50,000 range for a private case. A company that ran systematic violations for months faces far bigger numbers.
How is the national do not call list different from state do not call lists?
The national registry covers the whole country, but many states run their own parallel lists with extra requirements. A number can sit on a state list without being on the national one, so scrubbing only the national registry falls short if you call into states with separate programs.
Texas, Florida, Indiana, and Pennsylvania run well-known state programs [7]. Indiana keeps its state DNC list separate from the national registry, with its own registration and scrubbing deadlines. Florida's Telemarketing Act adds rules on call timing, disclosure, and registration that go past federal law.
Here's the practical point. If a consumer registered on a state list and you scrubbed only the national registry, you've broken the state law even when the call was clean federally. State attorneys general have sued for exactly that.
Some state lists are free. Others charge fees. Some require seller registration with a state agency before any calls go out. The government do not call list article explains how federal and state lists interact, and the ftc do not call list article covers the national registry's mechanics.
If your team calls nationally, subscribe to both the national registry and any state registries covering your top markets. It's tedious. It's also far cheaper than a state AG enforcement action.
What do recent FTC and FCC enforcement actions tell us about risk?
The trend over the last five years runs toward larger penalties, faster action, and tighter coordination between federal agencies and state AGs.
The FTC's annual complaint data shows the agency takes in millions of DNC-related consumer complaints a year [8]. Most never become individual actions, but the aggregate pattern is what launches multi-defendant sweeps. Operation Stop Scam Calls, run jointly with state partners, produced multiple simultaneous actions across several states.
The FCC's recent enforcement work increasingly uses call authentication data from the STIR/SHAKEN framework to trace robocall campaigns back to originating carriers and then to the sellers behind them [9]. STIR/SHAKEN makes hiding behind spoofed caller ID much harder.
One clear pattern: actions disproportionately target operations that called registered numbers AND used robocalls or prerecorded messages. The combination draws more agency attention than either alone.
For smaller teams, the lesson is that the FTC and FCC chase volume offenders. Private plaintiffs have no volume floor. A solo plaintiff can sue over two calls. So even if you're too small for the FTC's radar, you're plenty big enough for a demand letter.
The statute at 47 USC 227(c)(5) reads: "A person who has received more than one telephone call within any 12-month period by or on behalf of the same entity in violation of the regulations prescribed under this subsection may" bring a civil action [1]. The threshold is more than one call. That's a low bar.
Is there a way to check if a number is on the do not call list before calling?
Yes. The FTC runs a free lookup for verifying whether specific numbers are registered, through telemarketing.donotcall.gov [10]. Organizations can query individual numbers at no cost. Bulk downloads need a subscription, priced by the number of area codes covered.
The free tier covers up to five area codes per organization. Call into more markets and you'll need a paid subscription. National registry pricing runs from free (up to five area codes) to a couple thousand dollars a year for full national coverage. That's cheap insurance against the penalty exposure.
Third-party data vendors also offer real-time DNC scrubbing inside their list-hygiene services. They fold the national registry, state lists, and sometimes wireless-only databases into one scrubbing step, usually billed per record or per month. The convenience is real. Just confirm the vendor refreshes its registry data often enough to keep you inside the 31-day window.
Worth knowing: a lookup tells you a number's current status. It doesn't tell you why or when it was registered. And if a number moved from a registered consumer to a new holder, the old registration may still show as active. Reassigned numbers are a separate TCPA problem, which the FCC addressed with the Reassigned Numbers Database [9], launched in 2021.
Frequently asked questions
How much is the fine for calling someone on the do not call list?
Federal agencies can impose civil penalties up to $53,088 per violation. Private individuals can sue for $500 per unwanted call, or up to $1,500 if the court finds the violation was willful. There's no cap on the number of calls a plaintiff can pursue, so class action exposure can reach into the millions even when individual damages are modest.
How many calls does it take to be a do not call list violation?
Technically, any call to a registered number without a valid exemption is a violation. For private lawsuits, a consumer needs to have received more than one solicitation within a 12-month period from the same entity to sue under 47 USC 227(c)(5). For FTC or FCC enforcement, there's no minimum call count, though agencies usually act on pattern violations.
Can I still call someone on the do not call list if they were my customer?
Yes, for up to 18 months after their last purchase or payment through the established business relationship exemption. For inquiries, the window is three months. But if the consumer ever tells you they don't want to be called, that request ends the EBR permanently, even if the 18-month window hasn't closed.
Do do not call list rules apply to text messages?
Yes. The FCC treats SMS as a call under the TCPA. Texting a registered number without consent breaks the national registry rules. Texting a wireless number using an autodialer without prior express written consent is a separate violation under 47 USC 227(b), regardless of registry status. You have to handle both problems independently.
How long does a number stay on the national do not call registry?
Permanently, unless the consumer removes it or the number is reassigned. Earlier rules required re-registration every five years, but the Do-Not-Call Improvement Act of 2007 made registrations permanent. Reassigned numbers are a separate issue: if a number changes hands, the new holder may not be registered, but the old registration can still appear in the database.
What is the FTC's safe harbor for do not call violations?
Under 16 CFR 310.4(b)(3)(iv), a seller isn't liable for civil penalties if it accessed the registry, paid required fees, and the violation resulted from an error despite established compliance procedures. The safe harbor applies only to FTC penalty actions, not private lawsuits. Courts read it narrowly, and it requires documented, functioning procedures.
Can a business be sued for do not call violations even if they didn't make the call themselves?
Yes. The FTC and courts apply vicarious liability to sellers who use third-party telemarketers. Hire a vendor to call on your behalf and that vendor breaks the registry rules, and you can be liable as the seller. Vendor contracts should require DNC compliance, but the contract alone won't shield you if you had reason to know about violations.
What is the difference between the national do not call registry and a company's internal do not call list?
The national registry is the FTC-maintained database consumers opt into. Your internal DNC list is your own record of people who asked you specifically not to call. You must maintain and honor both. The 16 CFR Part 310 rules require you to keep internal opt-out records for five years and honor them within 30 days of the request.
Does the do not call list apply to nonprofit organizations?
Calls made purely on behalf of tax-exempt nonprofits are exempt from the national registry rules at the federal level. But if a for-profit telemarketer makes the calls on the nonprofit's behalf, the exemption may not apply. Some states have narrower or differently worded nonprofit exemptions, so state law needs separate review.
How do I report a do not call list violation if someone calls me?
File a complaint at donotcall.gov for FTC matters, or consumercomplaints.fcc.gov for TCPA-related robocall complaints. Have the caller's number, date, time, and a description of the pitch ready. You can also contact your state attorney general if your state runs its own DNC program. Filing a complaint doesn't start a private lawsuit; for that, contact a TCPA plaintiff attorney.
Are B2B calls exempt from do not call list rules?
Business-to-business calls sit largely outside the national do not call registry, which covers residential numbers. But the exemption is narrower than it sounds. Call a mobile number a business contact also uses personally, and TCPA wireless protections can apply. Some states extend DNC protection to business numbers. Confirm the number's use type before assuming a B2B exemption.
How often do I need to scrub my call list against the do not call registry?
At a minimum, every 31 days. The FTC's rules require that your call list be scrubbed against registry data no more than 31 days old at the time of each call. Scrubbing quarterly or only at list acquisition isn't enough and won't support a safe harbor defense. Many teams automate this on a monthly or bi-weekly schedule to stay inside the window.
Can I face do not call list charges if I called the wrong number by mistake?
Possibly. The FTC safe harbor can protect against penalty liability for documented good-faith errors when you have established compliance procedures. But it doesn't apply to private lawsuits, and courts don't require intent to hold defendants liable under 47 USC 227. The mistake argument helps more in settlement talks than in litigation.
What should I do if I receive a TCPA demand letter about a do not call list violation?
Contact a TCPA defense attorney immediately. Don't respond to the letter yourself or make any admissions. Pull your call records and consent documentation right away so your attorney can assess the merits. Most demand letters here are legitimate, because plaintiff attorneys verify the facts before sending. Ignoring the letter makes things worse.
Sources
- U.S. Government, Telephone Consumer Protection Act, 47 USC 227 (Legal Information Institute): Statutory text governing private right of action ($500/$1,500 per call) and prohibition on calls to registered numbers under 47 USC 227(c)(5)
- FTC, Telemarketing Sales Rule, 16 CFR Part 310: TSR requirements for registry scrubbing every 31 days, internal DNC list maintenance for 5 years, and safe harbor provisions at 16 CFR 310.4(b)
- FTC, National Do Not Call Registry information for consumers and telemarketers: Registry permanence, telemarketer subscription and lookup requirements, and consumer complaint filing
- FTC, Civil penalty amount adjustments (Legal Library rules and enforcement): FTC maximum civil penalty of $53,088 per violation as adjusted for inflation
- FTC, Press releases and enforcement actions: FTC enforcement actions and settlement amounts including multi-million dollar judgments against telemarketing violators
- National Conference of State Legislatures, State Do Not Call Laws: State-level DNC registries in Florida, Texas, Indiana, Pennsylvania and others with separate registration and scrubbing requirements
- FTC, Do Not Call Registry Data Book and enforcement reports: FTC receives several million DNC-related consumer complaints per year
- FTC, Telemarketing.donotcall.gov subscription portal for telemarketers: Registry subscription is free for up to five area codes per organization; paid tiers for additional area codes; individual number lookup available